Is the API being hacked?

  • metiski

    (@metiski)


    5 months, 2 weeks ago

    Hi,
    I’ve been using mycryptocheckout for over 2 years until recently when I noticed crypto addresses different from the standard ones appearing in the checkout for customers to complete their payment.

    My setup has fixed crypto addresses and they haven’t been changed; the settings are the same as always.

    The problem seems to be with the API connection between my website and the mycryptocheckout servers. Coincidentally, the API connection is being “cut off,” and a different wallet address is appearing in the checkout for customers. However, everything normalizes when I reconnect the API using the “Refresh your account data” option in the account tab and then “Test communication” in the Tools tab. After doing this, the checkout wallet is normalized and the original address reappears.

    This is repeating every day after a few hours… My setup has been the same for over 2 years. I don’t believe anything on my website has been compromised; it seems to be something on the mycryptocheckout server side. Could you review your API system? I am available for further details.

    I also sent you an email.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author edward_plainview

    (@edward_plainview)

    5 months, 2 weeks ago

    Hi everyone,

    We rolled out an update to address the reported connection anomalies here affecting some users.

    Step 1: Update to Version 2.152. We have just released a new version of the MyCryptoCheckout plugin on the WordPress repository.

    This update implements strict API IP Verification.

    This ensures your website will only accept communication from our official API servers. It effectively blocks any third-party or malicious actors from attempting to send “fake payloads” or spoof connection data to your site.

    Step 2: Refresh your connection or it will happen on the next cron job automatically. This will reset of all API authentication tokens. To do it manually go to MyCryptoCheckout settings, click “Refresh Account Data”.

    This invalidates any “ghost” or corrupted keys and ensures your site is using a fresh, secure connection that is now protected by the new IP verification lock.

    Step 3: Verify Your Checkout After updating and refreshing, check your checkout page.

    If the correct wallet address appears: Your connection is secure.

    Critical Note: If you still see a different wallet address after updating the plugin and refreshing the key, this confirms the issue is Client-Side Malware on your specific website (unrelated to our API). You must scan your site for hidden admin users or unauthorized scripts.

    Plugin Author edward_plainview

    (@edward_plainview)

    5 months, 1 week ago

    1. Hackers have been targeting woocommerce installs with crypto payments. Different hacking patterns: brute forcing passwords, vulnerable plugins (especially file manager plugins), etc. Adding fake admins, and changing code via the dashboard code editor not settings panels.

    This sounds like what your describing if it reappeared. Were you using the exact same plugins on the fresh install?

    2. More sophisticated hackers recently targeted some sites that connect to our API, by sending “fake payloads” or spoofing connection data. The official API was not hacked. See – https://ww.wp.xz.cn/support/topic/is-the-api-being-hacked/#post-18768191

    V2.152 or greater implemented strict API IP Verification for #2 within hours of the first report. We’ve also been adding other security features to stop any new admins being added from other 3rd party WordPress plugins vulnerabilities.

    If you’re still having trouble or want additional support, email us.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Is the API being hacked?’ is closed to new replies.